Fighting Back Against Identity Theft

E-Mail "PHISHING"

Phishing (pronounced "fishing") is a scam to steal valuable information such as credit card and Social Security numbers, user IDs, and passwords. In phishing, also known as "brand spoofing," an official-looking e-mail is sent to potential victims pretending to be from their ISP, credit union, bank, or retail establishment. E-mails can be sent to people on selected lists or on any list, and the scammers expect some percentage of recipients will actually have an account with the real organization.

Land Line Telephone "VISHING" & VOIP (Internet Phones "VISHING")

Vishing, (Voice PHISHING) also called "VOIP phishing for the Internet phones," is the voice counterpart to phishing. Instead of being directed by e-mail to a Website, an e-mail message asks the user to make a telephone call. The call triggers a voice response system that asks for the user's card number or other personal or financial information. The initial bait can also be a telephone call with a recording that instructs the user to phone an 800 number or another area code within or outside of the United States.

In either case, because people are used to entering card numbers over the phone, this technique can be effective. Voice over IP (VOIP) is used for vishing because caller IDs can be spoofed and the entire operation can be brought up and taken down in a short time, compared to a land line telephone.

Text Message "SMISHING"

Smishing (SMS PHISHING) is the mobile phone counterpart to phishing. Instead of being directed by e-mail to a Website, a text message is sent to the user's cell phone or other mobile device with some ploy to click on a link. The link causes a Trojan to be installed in the cell phone or other mobile device.

Mail Letter "PHISHING"

This new scam occurs where the phisher is creating a letter and sending it through the mail to individuals to respond to the letter by calling a phone number. The phisher outlines in the letter that the individual must respond for their own protection. This scam is used in conjunction with other channels to steal valuable personal and financial information of the individual receiving the letter.

What is Identity Theft?

"Identity Theft" is the act of obtaining a person's critical information, such as birth date, Social Security number, address, name and bank account information, for fraudulent purposes.

Most commonly, Identity Theft is used to conduct charges and purchases under the victim's identity.

How to Deter Identity Theft

Protect your Social Security number. Don't carry your Social Security card in your wallet or write your Social Security number on a check. Give it out only if absolutely necessary or ask to use another identifier.

Don't give out personal information on the phone, through mail, or over the Internet unless you know who you are dealing with.

Never click on links sent in unsolicited emails; instead, type in a web address you know. Use firewalls, anti-spyware, and anti-virus software to protect your home computer; keep them up-to-date. Visit OnGuardOnline.gov for more information.

Don't use an obvious password like your birth date, your mother's maiden name, or the last four digits of your Social Security number.

Keep your personal information in a secure place at home, especially if you have roommates, employ outside help, or are having work done in your house.

Credit reports contain information about you, including what accounts you have and your bill paying history. The law requires the major nationwide consumer reporting companies - Equifax, Experian, and TransUnion - to give you a free copy of your credit report each year if you ask for it.

Visit AnnualCreditReport.com or call 1-877-322-8228, a service created by these three companies, to order your free credit reports each year. You can also write to: Annual Credit Report Request Service P.O. Box 105281 Atlanta, GA 30348-5281 Your financial statements Review financial accounts and billing statements regularly, looking for charges you did not make.

How to Defend Identity Theft

Defend against identity theft as soon as you suspect it.

Place a "Fraud Alert" on your credit reports, and review the reports carefully The alert tells creditors to follow certain procedures before they open new accounts in your name or make changes to your existing accounts. The three nationwide consumer reporting companies have toll-free numbers for placing an initial 90-day fraud alert; a call to one company is sufficient:

Placing a fraud alert entitles you to free copies of your credit reports. Look for inquiries from companies you haven't contacted, accounts you didn't open, and debts on your accounts that you can't explain.

Close accounts

Close any accounts that have been tampered with or established fraudulently.

Call the security or fraud departments of each company where an account was opened or changed without your consent. Follow up in writing, with copies of supporting documents.

Use the ID Theft Affidavit at ftc.gov/idtheft to support your written statement.

Ask for verification that the disputed account has been closed and the fraudulent debts discharged.

Keep copies of documents and records of your conversations about the theft.

File a police report File a report with law enforcement officials to help you with creditors who may want proof of the crime

Report the theft to the Federal Trade Commission Your report helps law enforcement officials across the country in their investigations.

Common Ways ID Theft Happens

Dumpster Diving They rummage through trash looking for bills or other paper with your personal information on it

Skimming They steal credit/debit card numbers by using a special storage device when processing your card

Phishing They pretend to be financial institutions or companies and send spam or pop-up messages to get you to reveal your personal information

Changing Your Address They divert your billing statements to another location by completing a "change of address" form

Old-Fashioned Stealing They steal wallets and purses; mail, including bank and credit card statements; pre-approved credit offers; and new checks or tax information. They steal personnel records from their employers, or bribe employees who have access.

---------- Internet/E-Mail Fraud Alert ----------

Recently, there have been multiple e-mail fraud attempts, known as "Phishing", that were initiated via e-mail sent to both the general public and to some credit union members that appeared to be from NCUA. This false e-mail asked for the recipient to click on a link to verify their credit union account registration. If the recipient proceeded to do so, the link directed them to a false website and asked for their credit union account number and PIN, along with other personal information.

NCUA does not ask credit unions members for such personal information. Anyone who receives an e-mail that purports to be from NCUA and asks for account information should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the e-mail.

If you responded to such an e-mail and provided any confidential account information, please notify your credit union immediately of the scheme. You should also change your account’s PIN, and take any additional action recommended by your credit union to protect your account.

If you feel that you have received a fraudulent phishing e-mail purportedly from NCUA please forward the entire e-mail message to This email address is being protected from spambots. You need JavaScript enabled to view it.

Additionally, you can file formal complaints concerning any suspected fraudulent e-mail with the Internet Crime Complaint Center at www.ic3.gov. The Internet Crime Complaint Center is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) to serve as a means to receive Internet related criminal complaints and to further research, develop, and refer the criminal complaints to federal, state, local, or international law enforcement and/or regulatory agencies for any investigation they deem to be appropriate.

Miami Federal Credit Union does not ask our members for personal information. Anyone who receives an e-mail that purports to be from MFCU and asks for account information should consider it to be a fraudulent attempt to obtain their personal account data for an illegal purpose and should not follow the instructions in the e-mail.

If you responded to such an e-mail and provided any confidential account information, please notify us immediately at 305.377.1017. You should also change your account’s PIN. If you feel that you have received a fraudulent phishing e-mail purportedly from MFCU please forward the entire e-mail message to This email address is being protected from spambots. You need JavaScript enabled to view it..